VYPR

Lms

by WordPress

Source repositories

CVEs (7)

  • CVE-2025-52833CriJul 4, 2025
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in designthemes LMS lms allows SQL Injection.This issue affects LMS: from n/a through <= 9.2.

  • CVE-2022-42923HigOct 31, 2022
    risk 0.54cvss 8.3epss 0.01

    Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'id' parameter in the…

  • CVE-2025-52799HigJun 27, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS lms allows Reflected XSS.This issue affects LMS: from n/a through <= 9.2.

  • CVE-2021-47907MedMay 10, 2026
    risk 0.42cvss 6.4epss 0.00

    Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that…

  • CVE-2026-3007MedApr 23, 2026
    risk 0.35cvss 5.4epss 0.00

    Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet feature.

  • CVE-2024-30616Nov 4, 2024
    risk 0.00cvss epss 0.01

    Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profiles information, posing a significant risk to data integrity.

  • CVE-2024-27525Nov 1, 2024
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component.